SSL encryption - Store securely

Secure payment through SSL encryption


http://www.netzwelt.de/news/85067-netzwelt-wissen-ssl-verschluesselung.html

The SSL protocol makes a connection secure in three respects:

1. The connection is private in the strict sense: its content crosses the network only in encrypted form.

2. The identity of the server is established (authenticated).

3. Integrity checks detect whether the data reached its recipient complete and unaltered.

Encryption and authentication in one: a three-step procedure

SSL is designed so that client and server first virtually shake hands instead of simply starting to talk. The whole process is divided into three phases. In the first step, the client's browser establishes a connection to the HTTP server for a specific domain, such as www.ideas-in-boxes.de,...

...HTTPS connection. The request is prefixed with "https://" instead of "http://", so that both client and server can distinguish the secure request from insecure ones. The connection is set up by resolving the domain to an IP address and establishing TCP/IP communication. The client then sends a "hello" message to the server, in which it states the most recent version of SSL or TLS it supports. The server answers the hello with its own confirmation message.

In the second step, the server sends its certificate to the client. This is usually written according to version 3 of the X.509 standard and contains information about the owner and their address, the domain, and the validity period of the certificate. The certificate also carries information about the issuer that is important for validating it: by means of so-called root certificates, which sit above the customer's certificate in the chain, the client can directly verify the digital signature of the issuer, such as VeriSign or Thawte.

Each certificate also contains the owner's public key and details of the signature algorithm, so that this check can run fully automatically. Every modern browser and operating system ships with a set of root certificates from the world's major certificate authorities. If required, the server can also request a certificate to authenticate the client, but this is more of a theoretical provision in SSL: in practice, the SSL/TLS handshake usually proceeds without this step.

The last step towards a secure connection is for client and server to agree on a key with which the data will be encrypted. Because SSL and TLS always use a symmetric method such as DES or AES for this, the participating browsers and HTTP servers are spared a great deal of work: with symmetric encryption, one and the same key serves for both encryption and decryption. The session key is derived from the so-called master secret, which in turn is derived from the pre-master secret. The latter is a random character string with a length of 32 bytes.
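The derivation chain described above (pre-master secret, then master secret, then the session keys) can be carried out with nothing more than HMAC. The following is an added example, not code from the article or from any vendor named in it: it implements the TLS 1.2 pseudo-random function of RFC 5246 (P_SHA256) and uses it first to derive the 48-byte master secret from the pre-master secret and the two hello randoms exchanged in step one, and then to expand the master secret into the client and server write keys. All input values are constructed for the demonstration; the pre-master secret follows the RSA key-exchange layout of RFC 5246 (48 bytes: two protocol-version bytes followed by 46 random bytes), and the key sizes correspond to a cipher suite with AES-128-CBC and HMAC-SHA256.

```python
import hashlib
import hmac

MASTER_SECRET_LEN = 48  # RFC 5246, section 8.1: the master secret is always 48 bytes

# Constructed sample values (NOT real handshake data): in a real handshake the
# randoms come from ClientHello/ServerHello and the pre-master secret from the
# key exchange. Here they are fixed so the example is reproducible offline.
CLIENT_RANDOM = bytes(range(0, 32))                       # 32 bytes from ClientHello.random
SERVER_RANDOM = bytes(range(32, 64))                      # 32 bytes from ServerHello.random
PRE_MASTER_SECRET = bytes([0x03, 0x03]) + bytes(range(46))  # TLS 1.2 version bytes + 46 "random" bytes


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """P_hash from RFC 5246 section 5.

    A(0) = seed, A(i) = HMAC(secret, A(i-1)); output is the concatenation of
    HMAC(secret, A(i) + seed) for i = 1, 2, ... until `length` bytes exist.
    """
    output = b""
    a = seed
    while len(output) < length:
        a = hmac.new(secret, a, digest).digest()
        output += hmac.new(secret, a + seed, digest).digest()
    return output[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def derive_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                            ClientHello.random + ServerHello.random)[0..47]"""
    return prf(pre_master_secret, b"master secret", client_random + server_random, MASTER_SECRET_LEN)


def derive_key_block(master_secret: bytes, client_random: bytes, server_random: bytes,
                     mac_key_len: int, enc_key_len: int, fixed_iv_len: int) -> dict:
    """Expand the master secret into the six write keys of RFC 5246 section 6.3.

    Note the seed order: key expansion uses ServerHello.random + ClientHello.random,
    the reverse of the order used for the master secret.
    """
    total = 2 * (mac_key_len + enc_key_len + fixed_iv_len)
    block = prf(master_secret, b"key expansion", server_random + client_random, total)
    layout = [
        ("client_write_MAC_key", mac_key_len),
        ("server_write_MAC_key", mac_key_len),
        ("client_write_key", enc_key_len),
        ("server_write_key", enc_key_len),
        ("client_write_IV", fixed_iv_len),
        ("server_write_IV", fixed_iv_len),
    ]
    keys = {}
    offset = 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def demo() -> dict:
    """Run the full derivation on the constructed inputs for AES-128-CBC with HMAC-SHA256
    (32-byte MAC key, 16-byte encryption key, 16-byte IV) and return the key material."""
    master_secret = derive_master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    keys = derive_key_block(master_secret, CLIENT_RANDOM, SERVER_RANDOM, 32, 16, 16)
    return {"master_secret": master_secret, **keys}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} ({len(value):2d} bytes): {value.hex()}")
```

Both peers run exactly this computation on the same inputs, which is why they end up holding identical symmetric keys without ever sending a session key over the wire; the one secret that must never be exposed is the pre-master secret, since everything else follows deterministically from it and the two public randoms.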